Update of /cvs-repository/Zope3/lib/python/Zope/App/ZopePublication
In directory cvs.zope.org:/tmp/cvs-serv31507/lib/python/Zope/App/ZopePublication
Modified Files:
Tag: Zope-3x-branch
ZopePublication.py
Log Message:
Caused ZopePublication to check security on traversal.
Cause z3.py to register a permissive security policy by default.
=== Zope3/lib/python/Zope/App/ZopePublication/ZopePublication.py 1.1.2.16 => 1.1.2.17 ===
from Zope.Publisher.mapply import mapply
from Zope.Publisher.Exceptions import Retry
+from Zope.App.Security.SecurityManagement import getSecurityManager
from ZODB.POSException import ConflictError
from Zope.App.OFS.RootFolder import RootFolder
@@ -146,7 +147,9 @@
else:
raise NotFound(ob, name, request)
- return wrapper.Wrapper(ob2, ob, name=name)
+ wrapped = wrapper.Wrapper(ob2, ob, name=name)
+ getSecurityManager().validate(name, wrapped)
+ return wrapped
def getDefaultTraversal(self, request, ob):
if IBrowserPublisher.isImplementedBy(ob):
@@ -161,4 +164,7 @@
# the following may need to be fixed, as this component
# does assert a name, though we have no way of
# getting it here - chrism
- return (wrapper.Wrapper(r[0], ob, name=''), None)
+ name = ''
+ wrapped = wrapper.Wrapper(r[0], ob, name=name)
+ getSecurityManager().validate(name, wrapped)
+ return (wrapped, r[1])